lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 19 Dec 2019 11:03:33 +0530
From:   Vignesh Raghavendra <vigneshr@...com>
To:     Michael Walle <michael@...le.cc>,
        Tudor Ambarus <tudor.ambarus@...rochip.com>
CC:     <linux-mtd@...ts.infradead.org>, <devicetree@...r.kernel.org>,
        <linux-kernel@...r.kernel.org>,
        Miquel Raynal <miquel.raynal@...tlin.com>,
        Richard Weinberger <richard@....at>,
        Rob Herring <robh+dt@...nel.org>,
        Mark Rutland <mark.rutland@....com>
Subject: Re: [PATCH 1/2] dt-bindings: mtd: spi-nor: document new flag

Hi Michael,

[...]
>>> +- no-unlock : By default, linux unlocks the whole flash because there
>>> +           are legacy flash devices which are locked by default
>>> +           after reset. Set this flag if you don't want linux to
>>> +           unlock the whole flash automatically. In this case you
>>> +           can control the non-volatile bits by the
>>> +           flash_lock/flash_unlock tools.
>>>
>>
>> Current SPI NOR framework unconditionally unlocks entire flash which
>> I agree is not the best thing to do, but I don't think we need
>> new DT property here. MTD cmdline partitions and DT partitions already
>> provide a way to specify that a partition should remain locked[1][2]
> 
> I know that the MTD layer has the same kind of unlocking. But that
> unlocking is done on a per mtd partition basis. Eg. consider something
> like the following
> 
>  mtd1 bootloader  (locked)
>  mtd2 firmware    (locked)
>  mtd3 kernel
>  mtd4 environment
> 
> Further assume, that the end of mtd2 aligns with one of the possible
> locking areas which are supported by the flash chip. Eg. the first quarter.
> 
> The mtd layer would do two (or four, if "lock" property is set) unlock()
> calls, one for mtd1 and one for mtd2.
> 


> My point here is, that the mtd partitions doesn't always map to the
> locking regions of the SPI flash (at least if the are not merged together).
> 

You are right! This will be an issue if existing partitions are not
aligned to locking regions.

I take my comments back... But I am not sure if a new DT property is the
needed. This does not describe HW and is specific to Linux SPI NOR
stack. How about a module parameter instead?
Module parameter won't provide per flash granularity in controlling
unlocking behavior. But I don't think that matters.

Tudor,

You had a patch doing something similar. Does module param sound good to
you?


-- 
Regards
Vignesh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ